[cap-talk] Firefox breaks the principle of identifiability

Tyler Close list at waterken.net
Mon Feb 7 23:22:57 EST 2005


On Feb 7, 2005, at 6:54 PM, Ben Laurie wrote:

> Tyler Close wrote:
>> Petnames solve this problem by eliminating the name conflation. A
>> separate namespace is used to identify trust relationships. This
>> namespace is managed solely by the user's browser, thus eliminating the
>> potential attacker from the name recognition process. That's how the
>> petname toolbar solves the phishing problem, both in theory and in
>> practice.
>
> So how, in this system, does the user come to trust Paypal (as opposed 
> to someone pretending to be Paypal)?

Before getting into the mechanics of introduction, it is important to 
realize that introduction has nothing to do with phishing. In a 
phishing attack, a spoof site impersonates a trusted site so as to 
intercept the high value communications between the user and the 
trusted site. The introduction and creation of a trust relationship has 
already occurred, and the phisher is trying to subvert this existing 
relationship. To defend against phishing, we need only prevent 
subversion of existing trust relationships. The current PKI solution 
fails to provide this protection.

For example, people with Paypal accounts already have a connection and 
trust relationship with the Paypal website. The phisher wants to get 
the password for this existing Paypal account. We can defeat the 
phisher by preventing impersonation of the Paypal website. As the shmoo 
examples demonstrate, the PKI fails to prevent this impersonation.

Do you agree that the petname toolbar prevents phishing attacks, as 
they are defined in this email?

Defending the integrity of introductions is also important, but it is a 
separate problem from phishing. I am happy to explain how YURLs are 
used to ensure the integrity of introductions, but let's progress in 
steps.

Tyler

---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
